7.11. NTRUEncrypt as a Lattice Cryptosystem 425
Returning to Example 7.56, we see that the expected number of decryption keys in T (84, 83) for N = 251 and q = 257 is